1. Field of the Invention
The present invention relates generally to the field of digital imaging, digital image recognition, and the utilization of image recognition in applications such as authentication and access control. The device utilized for the digital imaging is a portable wireless device with imaging capabilities.
The invention utilizes an image of a display showing specific information which may be open (that is, in the clear) or encoded. The imaging device captures the image on the display, and a computational facility interprets the information (including prior decoding of encoded information) to recognize the image. The recognized image is then used for purposes such as user authentication, access control, expedited processes, security, or location identification.
Throughout this invention, the following definitions apply:
“Computational facility” means any computer, combination of computers, or other equipment performing computations that can process the information sent by the imaging device. Prime examples would be the local processor in the imaging device, a remote server, or a combination of the local processor and the remote server.
“Displayed” or “printed”, when used in conjunction with an object to be recognized, is used expansively to mean that the object to be imaged is captured on a physical substance (as by, for example, the impression of ink on a paper or a paper-like substance, or by engraving upon a slab of stone), or is captured on a display device (such as LED displays, LCD displays, CRTs, plasma displays, or cell phone displays).
“Image” means any image or multiplicity of images of a specific object, including, for example, a digital picture, a video clip, or a series of images.
“Imaging device” means any equipment for digital image capture and sending, including, for example, a PC with a webcam, a digital camera, a cellular phone with a camera, a videophone, or a camera equipped PDA.
“Trusted” means authenticated, in the sense that “A” trusts “B” if “A” believes that the identity of “B” is verified and that this identity holder is eligible for the certain transactions that will follow. Authentication may be determined for the device that images the object, and for the physical location of the device based on information in the imaged object.
2. Description of the Related Art
There exist a host of well documented methods and systems for applications involving mutual transfer of information between a remote facility and a user for purposes such as user authentication, identification, or location identification. Some examples are:
1. Hardware security tokens such as wireless smart cards, USB tokens, Bluetooth tokens/cards, and electronic keys, that can interface to an authentication terminal (such as a PC, cell phone, or smart card reader). In this scheme, the user must carry these tokens around and use them to prove the user's identity. In the information security business, these tokens are often referred to as “something you have”. The tokens can be used in combination with other security factors, such as passwords (“something you know”) and biometric devices (“something you are”) for what is called “multiple factor authentication”. Some leading companies in the business of hardware security tokens include RSA Security, Inc., Safenet, Inc., and Aladdin, Inc.
2. The utilization of a mobile phone for authentication and related processes (such as purchase or information retrieval), where the phone itself serves as the hardware token, and the token is verified using well-known technology called “digital certificate” or “PKI technology”. In this case, the authentication server communicates with the CPU on the phone to perform challenge-response authentication sequences. The phone can be used both for the identification of the user, and for the user to make choices regarding the service or content he wishes to access. For example, this authentication method is used in the WAP browsers of some current-day phones via digital certificates internal to the phone, to authenticate the WAP site and the phone to each other.
3. Authentication by usage of the cellular networks' capability to reliably detect the phone number (also called the “MSISDN”) and the phone hardware number (also called the “IMEI”) of a cellular device. For example, suppose an individual's MSISDN number is known to be +1-412-333-942-1111. That individual can call a designated number and, via an IVR system, type a code on the keypad. In this case, the cellular network can guarantee with high reliability that the phone call originated from a phone with this particular MSISDN number—hence from the individual's phone. Similar methods exist for tracing the MSISDN of SMS messages sent from a phone, or of data transmission (such as, for example, Wireless Session Protocol “WSP” requests).
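The challenge-response sequence described in item 2 above, as an added illustration that is not part of this application or of any product it names: the authentication server sends the phone a fresh random nonce, the phone signs it with the private key behind its digital certificate, and the server verifies the signature with the public key it holds for that phone. Go's standard-library ECDSA stands in for whatever PKI the phone actually uses, and the enrolment step that gave the server the phone's public key is assumed to have already happened. The exchange also covers two responses a verifier has to reject: an old signature replayed against a new nonce, and an answer signed by a different key holder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Phone holds the private key that, in the scheme above, sits behind the
// phone's digital certificate. Only the phone can produce signatures with it.
type Phone struct {
	priv *ecdsa.PrivateKey
}

// Server knows the phone's public key (assumed to have been taken from the
// phone's certificate at enrolment) and remembers the nonce it last issued.
type Server struct {
	pub   *ecdsa.PublicKey
	nonce []byte
}

// NewPhone generates a P-256 key pair standing in for the phone's certificate key.
func NewPhone() (*Phone, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Phone{priv: priv}, nil
}

// Challenge is the server's first message: a fresh 32-byte random nonce.
func (s *Server) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	s.nonce = n
	return n, nil
}

// Respond is the phone's message: an ECDSA signature over the hash of the nonce.
func (p *Phone) Respond(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, p.priv, digest[:])
}

// Verify checks the signature against the enrolled public key and the nonce
// the server itself issued. The nonce is cleared afterwards so that a
// signature can never be accepted twice, whatever the outcome.
func (s *Server) Verify(sig []byte) error {
	if s.nonce == nil {
		return errors.New("no outstanding challenge")
	}
	digest := sha256.Sum256(s.nonce)
	ok := ecdsa.VerifyASN1(s.pub, digest[:], sig)
	s.nonce = nil
	if !ok {
		return errors.New("signature does not match the outstanding challenge")
	}
	return nil
}

// RunExchange performs one legitimate authentication, then a replay of the
// same signature against a new challenge, then an attempt by a different key
// holder. It returns whether the first succeeded and the other two were rejected.
func RunExchange() (authOK, replayRejected, impostorRejected bool, err error) {
	phone, err := NewPhone()
	if err != nil {
		return false, false, false, err
	}
	impostor, err := NewPhone()
	if err != nil {
		return false, false, false, err
	}
	server := &Server{pub: &phone.priv.PublicKey}

	// Round 1: the enrolled phone answers the current challenge.
	nonce, err := server.Challenge()
	if err != nil {
		return false, false, false, err
	}
	sig, err := phone.Respond(nonce)
	if err != nil {
		return false, false, false, err
	}
	authOK = server.Verify(sig) == nil

	// Round 2: the captured signature is replayed against a fresh challenge.
	if _, err = server.Challenge(); err != nil {
		return false, false, false, err
	}
	replayRejected = server.Verify(sig) != nil

	// Round 3: a device with a different key answers a fresh challenge.
	nonce, err = server.Challenge()
	if err != nil {
		return false, false, false, err
	}
	sig, err = impostor.Respond(nonce)
	if err != nil {
		return false, false, false, err
	}
	impostorRejected = server.Verify(sig) != nil
	return authOK, replayRejected, impostorRejected, nil
}

func main() {
	ok, replay, impostor, err := RunExchange()
	fmt.Println("auth ok:", ok, "replay rejected:", replay, "impostor rejected:", impostor, "err:", err)
}
```

The point the text makes is that the phone's key, not a code typed by the user, is what the server checks; the nonce is what ties each answer to one session, which is why the replay in round 2 fails even though the signature was genuine when first produced.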
These methods and systems can be used for a wide variety of applications, including:
1. Access control for sensitive information or for physical entrance to sensitive locations.
2. Remote voting, to verify that only authorized users can vote, and to ensure that each user votes only once (or up to a certain number of times, as permitted). Such usage is widespread currently in TV shows, for example, in rating a singer in a contest.
3. Password completion. There exist web sites, web services and local software utilities that allow a user to bypass or simplify the password authorization mechanism when the user has a hardware token.
4. Charging mechanism. In order to charge a user for content, the user's identity must be reliably identified. For example, some music and streaming video services use premium SMS sent by the user to a special number to pay for the service—the user is charged a premium rate for the SMS, and in return gets the service or content. This mechanism relies on the reliability of the MSISDN number detection by the cellular network.
Although there are a multitude of approaches to providing authentication or authenticated services, these approaches have several key shortcomings, which include:
1. Cost and effort of providing tokens. Special purpose hardware tokens cost money to produce, and additional money to send to the user. Since these tokens serve only the purpose of authentication, they tend to be lost, forgotten or transferred between people. Where the tokens are provided by an employer to an employee (which is frequently but not always the specific use of such tokens), the tokens are single purpose devices provided to the employee with no other practical benefits to the employee (as compared to, for example, cellular phones which are also sometimes provided by the employer but which serve the employee for multiple purposes). It is common for employees to lose tokens, or forget them when they travel. For all of these reasons, hardware tokens, however they are provided and whether or not provided in an employment relationship, need to be re-issued often. Any organization sending out or relying upon such tokens must enforce token revocation mechanisms and token re-issuance procedures. The organization must spend money on the procedures as well as on the procurement and distribution of new tokens.
2. Limited flexibility of tokens. A particular token typically interfaces only to a certain set of systems and not to others—for example, a USB token cannot work with a TV screen, with a cellular phone or with any Web terminal/PC that lacks external USB access.
3. Complexity. The use of cellular devices with SMS or IVR mechanisms is typically cumbersome for users in many circumstances. The users must know which number to call, and they need to spend time on the phone or typing in a code. Additionally, when users must choose one of several options (e.g., a favorite singer out of a large number of alternatives), making the choice by a numeric code could be difficult and error prone—especially if there are many choices. An implementation which does not currently exist but which would be superior would allow the user to direct some pointing device at the desired option and press a button, similar to what is done in the normal course of web browsing.
4. Cost of service. Sending a premium SMS or making an IVR call is often more expensive than sending data packets (generally more expensive even than sending data packets of a data-rich object such as a picture).
5. Cost of service enablement. Additionally, the service provider must acquire from the cellular or landline telecom operator, at considerable expense, an IVR system to handle many calls, or a premium SMS number.
6. Difficulty in verification of user physical presence. When a user uses a physical hardware token in conjunction with a designated reader, or when the user types a password at a specific terminal, the user's physical presence at that point in time at that particular access point is verified merely by the physical act. The current scheme does not verify the physical location of the sending device, and is therefore subject to counterfeiting by the user. For example, the user could be in a different location altogether, and type an SMS or make a call with the information provided to the user by someone who is at the physical location. (Presumably the person at the physical location would be watching the screen and reporting to the user what to type or where to call.) Thus, for example, in SMS based voting, users can “vote” for their favorite star in a show without actually watching the show. That is not the declared intention of most such shows, and defeats the purpose of user voting.